Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Endpoint Security Lacking Among Federal Organizations

One of the most significant origins of endpoint challenges stem from federal employees using personal devices for work, according to the report.

Federal agencies are facing an explosion in the both the volume and variety of network endpoints, providing far more opportunities for malicious access to government networks, according to a MeriTalk and Palo Alto Networks survey of 100 U.S. Federal IT managers and 100 Federal employees.

The study found 44 percent of endpoints are unknown or unprotected and that barely half of federal government survey respondents have taken critical steps to secure endpoints, such as scanning for vulnerable or infected endpoints.

One of the most significant origins of endpoint challenges stem from federal employees using personal devices for work purposes, according to the report.

Agencies with bring your own device (BYOD) policies are failing to enforce appropriate policies for those devices among their employees, with 45 percent of federal employees who use personal devices for work purposes having either not reviewed their agency’s BYOD policy or don’t believe one exists.

Further reading

"There are practical ways to train employees such as by simply including endpoint-specific risks in the overall security training that agencies already require of their employees," Pamela Warren, director of government and industry initiatives at Palo Alto Networks, told eWEEK.

She said red team exercises should always include endpoint-related attacks to drive home key learnings about why security is important at the endpoint. These training exercises should incorporate IT as well as SCADA, or operational, environments, and personal devices that are permitted on BYOD agencies.

When it comes to overall endpoint security policies, 89 percent of federal IT managers say their agency’s policies need to improve – and just over half say their current policies and standards are very effective, practical, or enforceable.

"When you look at the cyber-attack lifecycle, endpoints can certainly be a way into an organization," Warren said. "And since the number of endpoints – when you define it as any device connected to the network – will only grow with IoT, all government agencies need to be cognizant of every endpoint in order to appropriately secure all of them. Many attacks are successful because they take advantage of a vulnerability on an endpoint application."

She explained this scenario can be catastrophic when, in SCADA environments, endpoints are running outdated applications or operating systems, many of which simply cannot be patched.

"Given this, endpoint security needs to be top of mind when it comes to security policies," Warren said. "It starts with knowing what endpoints you have, securing them, and enforcing your security policies. Think about continuous monitoring programs, including the formalized CDM program, and certainly ensure that endpoints are all regularly monitored and protected."